In order to facilitate the reading of the description to follow, a number of terms employed in the art are defined below:                Encryption: The process of turning readable data into cipher data.        Decryption: The process of transforming cipher data into readable data.        Cryptography: The science of transforming readable data into cipher data and back again.        Digital signature: The electronic equivalent of traditional handwritten signatures, usually an encrypted data entity upon which the source of the signature may be identified.        Key. A single numeric or alphanumeric value that is a part of an algorithm for encryption of data.        Hash function: A mathematical function which takes a variable-length input data and converts it into a fixed-length binary data, such that said fixed-length data identifies uniquely said variable-length data.        Digital seal: The fixed-length binary data produced by hash functions.        Biometric sample: A physiological or behavioral characteristic sample, transferred to a digital form.        Image of a biometric sample: The digitized form of a biometric sample.        Template of a biometric sample: A digital array associated uniquely with a biometric sample.        Authentication: A method for providing a user's identity (such as using passwords or authentication tokens).        Symmetric encryption: A method involving a single secret key for both encryption and decryption.        Asymmetric encryption: Encryption using pairs of public and private keys, also known as Public-key Cryptography.Digital Signatures        
Digital signatures are the electronic equivalent of traditional handwritten signatures. However, unlike handwritten signature, a digital signature is hard to forge. It is a computed digest of the text that is encrypted and sent with the text message. The recipient decrypts the signature and recomputes the digest from the received text. If the digest matches, the message is authenticated and proved intact from the sender. However, it cannot disclose what has been changed or how much has been changed in the document.
Digital signatures are especially important for electronic commerce and are a key component of most authentication schemes. To be effective, digital signatures must be unforgeable. There are a number of different encryption techniques to guarantee this level of security. Digital signatures do not provide privacy, but can be easily accomplished with an extra encryption step. Digital signatures and encryption can be used to provide authenticity, confidentiality, integrity, and non-repudiation.
Digital signatures rely on two cryptographic algorithms: public key (asymmetric) cryptography and hash functions.
Public/Private Key Cryptography
Two uniquely related keys are created—a Public key and a Private Key. Actually, they comprise very large numbers. What is encrypted with one key can only be decrypted with the other. One can freely distribute a Public key to recipients, but the Private key is retained by that individual alone.
If one encrypts a message with the Private key and sends it, the recipient can decrypt it with the available Public key, and has confidence that only the owner of the Private key was the author of the message. This is because the owner of the Private key is only one who can encrypt a message with the Private key.
If anyone encrypts a message with a Public key and sends it to the owner of the Private key, he can be confident that only the owner of the private key will be able to read that message.
Hash Function
Hash function is another tool used in digital signature techniques. A one-way hash function, also known as a message digest, fingerprint or compression function, is a mathematical function which takes a variable-length input string and converts it into a fixed-length binary sequence. Furthermore, a one-way hash function is designed in such a way that it is hard to reserve the process, that is, to find a string that hashes to a given value (hence the name one-way). A good hash function also makes it difficult to locate two strings producing the same hash value. Even a slight change in an input string should cause the hash value to change drastically. If 1 bit is flipped in the input string, at least half of the bits in the hash value will flip as a result.
Hash function may be used as a seal for a digital data, since it indicates that changes have been made in the data, similar to breaking the seal of a sealed letter.
Digital Signatures with Public-Key Cryptography and One-Way Hash Functions.
Digital signature assures the associates that the message has not been changed (integrity) and that it really originated from the sender (authenticity). Moreover, the sender is unable to deny having sent the message (non-repudiation) since he is the only one with access to his private key. Digital signatures do not provide privacy, but can be easily accomplished with an extra encryption step.
FIG. 1 schematically illustrates the steps for creating and verifying a digital signature:    1. Sender runs the document(s) through a hash function.    2. The hash function produces a message digest, a fingerprint of the message.    3. Sender encrypts the document(s) and the message digest with his private key then encrypts the encrypted data with the recipient's public key. The message digest forms the actual “digital seal.”    4. Sender transmits both the digital seal and the encrypted message to the recipient.    5. Recipient uses his private key to decrypt the received data and then uses sender's public key to decrypt the encrypted data. As a result the digital document(s) and the digital seal are disclosed.    6. To ensure that the document(s) have not been altered, the recipient runs the document(s) through the same hash function that the sender used.    7. In comparing both digests, the recipient ensures that the content of the message has not been modified by a third party.
To keep objects safe and secure, the following are necessary:                Authentication—assurance of identity.        Authorization—that the party is sanctioned for a particular function.        Privacy—confidentiality.        Data integrity—proof that the object has not been altered.        Non-repudiation—protection against denial of origin of a communication or data.        
When all of these requirements are met, the Internet can be used with confidence for all business communication. In order for electronic commerce to take off, a trusted environment and secure transactions are necessary. Consumers and business people alike must be confident that their transactions will not be intercepted or modified. The computer security community has spent more than 10 years developing digital signatures, which are being touted as the cornerstone technology for electronic commerce.
In order to estimate the security level of a method, a method should be tested by its fragility. In the above-mentioned method, there are two phases of security:                The key; and        The hash function.        
In order to forge a digital signature, a “hacker” must know how the hash function operates, and the private key of the user. Moreover, an encrypted file which contains a transaction, such as purchase, may be resent over and over by a malicious “hacker”, and according to the method described above, the recipient will be in complete ignorance of such malicious tampering.
A solution for the problems of adequate security is adding a biometric sample of the user who initiates the transaction. Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic. Examples of human traits used for biometric recognition include fingerprints, voice, speech, face, retina, iris, handwritten signature, hand geometry, and wrist veins. Biometric recognition can be used in identification mode, in which the biometric system identifies a person from the entire enrolled population by searching a database for a match. A system also can be used in verification mode, wherein the biometric system authenticates a person's claimed identity from his/her previously enrolled pattern. Using biometrics for identifying and authenticating human beings offers some unique advantages.
At the core of any biometric system lies a method of establishing that the mathematical equivalent of a person's physical or behavioral characteristics (i.e. template) is already referenced by the system. By comparing the template of a sample with the stored reference, said user may be authenticated or verified. While identification refers to comparing a single template against a database of templates, verification refers to approving an individual's claimed identity.
Only biometric authentication bases identification on an intrinsic part of a human being. Tokens, such as smart cards, magnetic stripe cards, physical keys, and so forth, can be lost, stolen, duplicated, or left at home. Passwords can be forgotten, shared, or covertly observed. While all biometric systems have their own advantages and disadvantages, there are some common characteristics needed to make a biometric system usable.
First, the biometric must be based upon a distinguishable trait. For example, for nearly a century, law enforcement has used fingerprints to identify people. There is a great deal of scientific data supporting the idea that “no two fingerprints are alike.” Newer methods, even those with a great deal of scientific support, such as DNA-based genetic matching, sometimes do not hold up in court. Another key aspect is how user-friendly is the system. Most people find it acceptable to have their pictures taken by video cameras or to speak into a microphone. In the United States, using a fingerprint sensor does not seem to be much of a problem. In some other countries, however, there is strong cultural opposition to touching something that has been touched by many other people.
Adding a biometric sample to a digital signature improves security. However, it is not adequate since the presence of a biometric sample by itself does not provide sufficient authentication to the fact the person who should sign the data packet actually signed it and intended to sign it and actually signed it.
It is therefore an object of the present invention to provide a method and system for carrying out secure signing of a person on the data packet(s), which provides higher security level.
It is another object of the present invention to provide a method and system for carrying out secure signing of a person on the data packet(s), which provides improved authentication that the person signed the data packet(s) was present at the moment of signing.
It is a further object of the present invention to provide a method and system for carrying out secure signing of a person on the data packet(s), which verify that the person whose personalized biometric sample is attached to the data packet actually signed the data packet(s).
It is a still further object of the present invention to provide a method and system for carrying out secure signing of a person on the data pack-et(s), that allow to add several signatures to a document.
Other objects and advantages of the invention will become apparent as the description proceeds.